EMG - JWT token validated against both API Proxies...

Report Inappropriate Content · 10-12-2016 10:53 AM

The inbuilt plugin for EMG OAuth validates both the APIProxies and Resource URIs in the Product against the JWT token payload product details. Why both needs to be validated (Proxy and Resource URIs)?

If I want to do only resource URI verification, not the API Proxy , is there any way I can do that?

const checkIfAuthorized = module.exports.checkIfAuthorized = function checkIfAuthorized(config, urlPath, proxy, decodedToken)

{ if (!decodedToken.api_product_list) { return false; } return decodedToken.api_product_list.some(function (product) { const validProxyNames = config.product_to_proxy[product]; if (!validProxyNames) { return false; } const apiproxies = config.product_to_api_resource[product]; var matchesProxyRules = false; if(apiproxies && apiproxies.length){

Former Community Member · 10-14-2016 12:17 PM

This behaviour is not consistent with Edge.

@kevinswiber - this looks like a defect.

francois-xavier · 05-31-2017 03:46 AM

Was that bug fixed in recent EMG versions?

Former Community Member · 05-31-2017 06:04 AM

No @Francois-Xavier KOWALSKI, this has not been fixed yet.

Report Inappropriate Content · 06-26-2017 09:26 AM

Internal ticket has been labeled cs critical for this bug. Awaiting update from engineering

EMG - JWT token validated against both API Proxies and Resource URI in OAUTH

Photos